System for controlling access to device-to-device communication services in wireless network

ABSTRACT

Embodiments of the invention provide methods, devices and computer programs arranged to facilitate access to device-to-device (D2D) communication services in a communication network. One embodiment includes an apparatus for use in controlling access to a D2D communication service in a communication network, the apparatus including a processing system arranged to cause the apparatus to: receive a D2D discovery signal including data indicative of said D2D communication service; determine a verification state for the D2D communication service as one of a first verification state and a second, different, verification state, on the basis of said received D2D discovery signal, the first verification state being one in which said D2D communication service can be verified by the apparatus; and in the event that said D2D communication service is determined to be in the second verification state, transmit data indicative of said D2D communication service for verification by the communication network.

TECHNICAL FIELD

The present invention relates to methods and apparatus for facilitatingaccess to a device-to-device communication service. More particularly,embodiments relate to a mechanism for use in requesting access to adevice-to-device communication service.

BACKGROUND

The following meanings for the abbreviations used in this specificationapply:

CN core network

D2D device-to-device

eNB enhanced node B

eNodeB enhanced node B

EPC evolved packet core

EPS evolved packet system

EUTRAN Evolved Universal Terrestrial Radio Access Network

ID identification

LTE Long Term Evolution

LTE-A LTE Advanced

MAC medium access control

MME mobility management entity

PLMN public land mobile network

RB radio bearer

RRC radio resource control

S-GW service gateway

SIB system information block

SRB signalling radio bearer

UE user equipment

UL uplink

In the last few years, an increasing extension of communicationnetworks, e.g. of wire based communication networks, such as theIntegrated Services Digital Network (ISDN), DSL, or wirelesscommunication networks, such as the cdma2000 (code division multipleaccess) system, cellular 3rd generation (3G) communication networks likethe Universal Mobile Telecommunications System (UMTS), enhancedcommunication networks based e.g. on LTE, cellular 2nd generation (2G)communication networks like the Global System for Mobile communications(GSM), the General Packet Radio System (GPRS), the Enhanced Data Ratesfor Global Evolutions (EDGE), or other wireless communication system,such as the Wireless Local Area Network (WLAN), Bluetooth or WorldwideInteroperability for Microwave Access (WiMAX), took place all over theworld. Various organisations, such as the 3rd Generation PartnershipProject (3GPP), Telecoms & Internet converged Services & Protocols forAdvanced Networks (TISPAN), the International Telecommunication union(ITU), 3rd Generation Partnership Project 2 (3GPP2), InternetEngineering Task Force (IETF), the IEEE (Institute of Electrical andElectronics Engineers), the WiMAX Forum and the like, are working onstandards for telecommunication network and access environments.

Recently, so-called “proximity-based” applications and services cameinto the focus of further developments in the field oftelecommunications. The term proximity-based applications and servicesmay be used, for example, in cases where two or more devices (i.e. twoor more users), which are close to each other, are interested inexchanging data, if possible, directly with each other. Currently, such“proximity-based” applications operate fully “over the top” and arebased on “high-level software”, typically relying on a mix of GPSlocation and of the 3GPP mobile systems used as “data pipes”.

However, such an approach presents fundamental technology limitationsfrom the point of view of e.g. device battery life (due to the extensiveGPS usage), signalling load to the network (due to the required uplinkbursty traffic) and simplicity (due to the “proactive” behaviourrequired of the user, e.g. the “check in”).

While the use of an unlicensed-spectrum communication can address someof the aspects mentioned earlier, it still presents some limitations.For example, discovery processes are being defined based on directmessage exchanges which are thus not optimal for operation over longerranges (hundreds of metres or more), or preserve a reasonable batterylife. For the same reason, an unlicensed option cannot be expected toscale among a large number of devices.

For future cellular communication networks, a possible method for suchproximity-based applications and services is the so-calleddevice-to-device (D2D) communication. D2D offers a high communicationspeed, large capacity and a high quality of service, which are importantfeatures to be achieved. Advantages achievable by the implementation ofD2D communications in the cellular communication environment are, forexample, an offloading of the cellular system, reduced batteryconsumption due to lower transmission power, an increased data rate, animprovement in local area coverage robustness to infrastructure failuresand also an enablement of new services. This is possible while alsoproviding access to licensed spectrum with a controlled interferenceenvironment to avoid the uncertainties of license exempt band. Due tothis, D2D communication gains more and more attraction and interest.

However, in order to make D2D communication feasible in communicationnetworks, such as those based on 3GPP LTE systems, it is necessary toprovide a fast and efficient mechanism for requesting access to D2Dservices.

Embodiments are directed towards providing an improved method ofrequesting access to D2D services in communication networks.

SUMMARY

In a first exemplary embodiment there is provided an apparatus for usein controlling access to a device-to-device (D2D) communication servicein a communication network, the apparatus comprising at least oneprocessor and at least one memory including computer program code, theat least one memory and the computer program code being configured to,with the at least one processor, cause the apparatus at least to:receive a D2D discovery signal comprising data indicative of said D2Dcommunication service; determine a verification state for the D2Dcommunication service as one of a first verification state and a second,different, verification state, on the basis of said received D2Ddiscovery signal, the first verification state being one in which saidD2D communication service can be verified by the processing system; andin the event that said D2D communication service is determined to be inthe second verification state, transmit data indicative of said D2Dcommunication service for verification by the communication network.

In a second exemplary embodiment there is provided a method ofcontrolling access to a device-to-device (D2D) communication service ina communication network, the method comprising: receiving a D2Ddiscovery signal comprising data indicative of said D2D communicationservice; determining a verification state for the D2D communicationservice as one of a first verification state and a second, different,verification state, on the basis of said received D2D discovery signal,the first verification state being one in which said D2D communicationservice can be verified; and in the event that said D2D communicationservice is determined to be in the second verification state,transmitting data indicative of said D2D communication service forverification by the communication network.

The first and second exemplary embodiments are most convenientlyimplemented in a UE. Embodiments also include a computer programcomprising a set of instructions, which, when executed by a UE, causethe UE to perform a method according to the second embodiment.

In a third exemplary embodiment there is provided an apparatus for usein controlling access to a device-to-device (D2D) communication serviceprovided to a D2D device in a communication network, the apparatuscomprising at least one processor and at least one memory includingcomputer program code, the at least one memory and the computer programcode being configured to, with the at least one processor, cause theapparatus at least to: receive a first message comprising dataindicative of said D2D communication service; verify whether said D2Dcommunication service is authorised for said communication network; andtransmit a second message comprising data indicative of the result ofsaid verification for reception by said D2D device.

In a fourth exemplary embodiment there is provided a method ofcontrolling access to a device-to-device (D2D) communication serviceprovided to a D2D device in a communication network, the methodcomprising: receiving a first message comprising data indicative of saidD2D communication service; verifying whether said D2D communicationservice is authorised for said communication network; and transmitting asecond message comprising data indicative of the result of saidverification for reception by said D2D device.

The third and fourth exemplary embodiments are most convenientlyimplemented in a service gateway. Embodiments also include a computerprogram comprising a set of instructions, which, when executed by aservice gateway, cause the service gateway to perform a method accordingto the fourth embodiment.

In a fifth exemplary embodiment there is provided an apparatus for usein facilitating access to a device-to-device (D2D) communication serviceprovided to a D2D device in a communication network, the apparatuscomprising at least one processor and at least one memory includingcomputer program code, the at least one memory and the computer programcode being configured to, with the at least one processor, cause theapparatus at least to: receive a first message comprising a firstindication whether said D2D device is authorised for said communicationnetwork; receive a second message comprising a second indication whethersaid D2D communication service is authorised for said communicationnetwork; transmit a third message for reception by the D2D device, thethird message comprising a combination of the indication of the firstand second indications.

In a sixth exemplary embodiment there is provided a method offacilitating access to a device-to-device (D2D) communication serviceprovided to a D2D device in a communication network, the methodcomprising: receiving a first message comprising a first indicationwhether said D2D device is authorised for said communication network;receiving a second message comprising a second indication whether saidD2D communication service is authorised for said communication network;and transmitting a third message for reception by the D2D device, thethird message comprising a combination of the indication of the firstand second indications.

The fifth and sixth exemplary embodiments are most convenientlyimplemented in a base station. Embodiments also include a computerprogram comprising a set of instructions, which, when executed by a basestation, cause the base station to perform a method according to thesixth embodiment.

Further features and advantages of the invention will become apparentfrom the following description of preferred embodiments of theinvention, given by way of example only, which is made with reference tothe accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a logic flow diagram that illustrates the operation of amethod, and a result of execution of computer program instructionsembodied on a computer readable memory, in accordance with exemplaryembodiments.

FIG. 2 is a flow diagram that illustrates the various steps performed byUE, mobility management entity, base station and service gatewayaccording to embodiments.

FIG. 3 is a logic flow diagram that illustrates the operation of amethod, and a result of execution of computer program instructionsembodied on a computer readable memory, in accordance with exemplaryembodiments.

FIG. 4 is a logic flow diagram that illustrates the operation of amethod, and a result of execution of computer program instructionsembodied on a computer readable memory, in accordance with exemplaryembodiments.

FIG. 5 is a logic flow diagram that illustrates the operation of amethod, and a result of execution of computer program instructionsembodied on a computer readable memory, in accordance with exemplaryembodiments.

FIG. 6 is a flow diagram that illustrates the various steps performed byUE, mobility management entity, base station and service gatewayaccording to embodiments.

FIG. 7 is a simplified block diagram of various network devices, whichare exemplary electronic devices suitable for use in practicing theexemplary embodiments.

DETAILED DESCRIPTION

Embodiments are concerned with controlling access to device-to-device(D2D) communication services in a communication network so as to preventaccess to unauthorised D2D service providers.

In the following, examples and embodiments of the present invention aredescribed with reference to the drawings. For illustrating the presentinvention, the examples and embodiments will be described in connectionwith a cellular communication network based on a 3GPP LTE system.However, it is to be noted that the present invention is not limited toan application using such types of communication system, but is alsoapplicable in other types of communication systems and the like.

A basic system architecture of a communication network where examples ofembodiments of the invention are applicable may comprise a commonlyknown architecture of one or more communication networks comprising awired or wireless access network subsystem and a core network. Such anarchitecture may comprise one or more mobility management entities(MME), one or more access network control elements and radio accessnetwork elements, such as a base station (BS), eNodeB or eNB, with whicha communication network element or device such as a UE or another devicehaving a similar function, such as a modem chipset, a chip, a moduleetc., which can also be part of a UE or attached as a separate elementto a UE, or the like, is able to communicate via one or more channelsfor transmitting several types of data.

The network is in communication with various D2D management entities,namely a service gateway, a D2D registration server and a packetgateway, which control provisioning of D2D communication services.

The general functions and interconnections of the described elements,which also depend on the actual network type, are known to those skilledin the art and described in corresponding specifications, so that adetailed description thereof is omitted herein. However, it is to benoted that several additional network elements and signalling links maybe employed for a communication connection to or from UEs or eNBs,besides those described in detail herein below.

Referring to FIGS. 1 and 2, in accordance with an exemplary embodiment,a UE 70 (hereinafter D2D device) receives a D2D discovery signalcomprising data indicative of a D2D communication service (step 101).The D2D discovery signal may be received from a further UE 50 that isproviding the D2D communication service. Thereafter, the D2D device 70determines a verification state for the D2D communication service as oneof a first verification state and a second, different, verificationstate, on the basis of said received D2D discovery signal (step 103).The first verification state is one in which said D2D communicationservice can be verified by the D2D device 70. By comparison, in thesecond verification state, the D2D communication service cannot beverified by the D2D device 70. In the event that the D2D communicationservice is determined to be in the second verification state, the D2Ddevice 70 transmits data indicative of the D2D communication service,for example a service verification request, for verification by thecommunication network (step 105).

Embodiments thus provide a mechanism whereby D2D devices, such as theD2D device 70, can efficiently request verification of D2D communicationservices that cannot be locally verified. Furthermore, as D2D devicesonly request verification of D2D communication services that cannot beverified locally, the above-described network-based service verificationmechanism represents an efficient utilisation of network resources.

In at least some arrangements, the service verification requesttransmitted by the D2D device 70 at step 105 is for receipt by a CNentity, such as the afore-mentioned MME 10 or the like. As is wellknown, control plane messages are transmitted using a Signal RadioBearer (SRB), and their transmission is prioritised by the CN.Transmitting the service verification request in a control plane messageis therefore advantageous in that it enables the verification requeststo be transmitted as quickly as possible.

The control plane message may be a Non Access Stratum (NAS) message. Forexample, if the second D2D device 70 were in RRC_IDLE state, the D2Ddevice 70 would transmit the NAS message in a RRC signalling message, soas to cause transition into a different RRC state, such as RRC_CONNECTEDstate. As described above, the RRC signalling message comprising the NASmessage is for receipt by a CN entity, such as the MME 10, which, inresponse to receipt thereof, processes an RRC portion of the messageaccording to conventional procedures, and transmits the serviceverification message comprised therein to a service verification entity,such as the afore-mentioned service gateway 30. It is to be noted thatthe MME 10 may additionally serve as a service verification entity, inwhich case, the MME 10 may additionally process the service verificationrequest. The above-mentioned RRC signalling messages comprise aRRCConnectionRequest or a RRCConnectionSetupComplete message. Theservice verification message may alternatively comprise a non-3GPPdedicated tunneled information message.

Thus, the embodiments advantageously combine service verification withRRC connection establishment, thereby simultaneously causing the D2Ddevice 70 to transit into a state in which it can access the D2Dcommunication service. Accordingly, the embodiments enable fast andefficient service verification and access.

An overview of the steps performed by a CN entity, such the MME 10, inresponse to receiving an RRC signalling message comprising a serviceverification request will now be described with reference to FIGS. 2 and3. In response to receiving a service verification request, the MME 10verifies whether the D2D device 70 is authorised for the communicationnetwork (step 301). In dependence on said verification, the MME 10transmits an indication, for example a network indication, that the D2Ddevice 70 is authorised for the communication network for receipt by theD2D device 70 (step 303). Thereafter, the MME 10 transmits the serviceverification request to a service verification entity such as theservice gateway 30 (step 305). As described above, the MME 10 mayadditionally serve as a service verification entity, in which case thetransmission of the service verification request would be to a serviceverification component thereof.

Prior to transmitting the above-mentioned network indication and theservice verification request, the MME 10 may additionally assign aservice verification request identifier to the service verificationrequest for use in identification of any subsequent messages in relationthereto, and transmit the assigned service verification requestidentifier with the network indication and the service verificationrequest. This enables network entities to correlate network and servicemessages corresponding to a given service verification request. As willbe explained in more detail below, the service verification requestidentifier may be used by a network entity, such as the above-mentionedeNodeB 80, in identifying a given service indication corresponding to agiven network indication.

The MME 10 may additionally assign a validity condition with the serviceverification request, in which case the service verification request mayonly be considered valid by network entities, such as theafore-mentioned eNodeB 80, if the validity condition is satisfied. Bycontrast, when the validity condition is not satisfied, the serviceverification request may be considered invalid or expired. For example,the service verification request may include a validity time period.

An overview of the steps performed by a service verification entity,such the service gateway 30, in response to receiving a serviceverification request will now be described with reference to FIGS. 2 and4. In response to receiving the service verification request (step 401),the service gateway 30 verifies whether the D2D communication service isauthorised for the communication network (step 403). Thereafter, theservice gateway 30 transmits a message, for example a service responsemessage, comprising data indicative of the result of the verification,for example a service indication, for reception by the D2D device 70(step 405).

When authorising a D2D communication service for the network, theservice gateway 30 may assign a credential of a first type, for examplea service credential, to the D2D communication service. In this case,the service gateway 30 may verify the D2D communication service on thebasis the service credential assigned thereto.

In at least some arrangements, at step 401, an identifier correspondingto the D2D device 70 is received with the service verification request.For example, the identifier may comprise an MSISDN, IMSI or the like. Inthis case, the service gateway 30 may further determine whether the D2Ddevice 70 is authorised to access the D2D communication service, therebyconcluding network-related authorisation checks. As any necessarynetwork authorisation checks are performed simultaneously, the servicegateway 30 expedites access to the D2D communication service.

An overview of the steps performed by the eNodeB 80 when in receipt ofthe network and service indications will now be described with referenceto FIGS. 2 and 5. In response to receiving a first message, for examplea network response message, comprising the above-described networkindication (step 501) and the above-described service response messagecomprising the above-described service indication (step 503), the eNodeB80 transmits a message, for example an authorisation response message,comprising a combination of the network and service indications (step505).

In effect, the authorisation response message is indicative of whetherthe D2D device 70 is authorised for the network and whether the D2Dcommunication service is authorised for the network. Thus, for example,if the D2D device 70 is authorised but the D2D communication service isnot, the D2D device 70 may not transition into the RRC_CONNECTED state,as described above. Therefore, embodiments enable full control of theD2D device 70 to provide a D2D communication service on the basis of theauthorisation information as a whole.

The network response message received at step 501 may additionallycomprise data indicative of the above-described validity condition. Inthis case, the eNodeB 80 may only consider the service response messageif the validity condition is satisfied. For example, the validitycondition may comprise a time period within which the service responsemessage is to be received, in which, subsequent to expiry of the timeperiod, the eNodeB 80 may transmit an indication for receipt by the D2Ddevice 70 that an authorisation check for said D2D communication servicehas failed. In this case, the service verification message receivedafter the expiry of the time period may be discarded. Therefore, theembodiments provide a mechanism for objectively considering serviceverification requests and for expiring them.

Further, the network response message received at step 501 mayadditionally comprise data indicative of the above-described serviceverification request identifier. In this case, the eNodeB 80 canidentify a given service response message corresponding to a givennetwork response message on the basis the service verification requestidentifier, for example, to prepare the above-described authorisationresponse message.

Turning to the steps carried out by the D2D device 70 in response toreceiving the authorisation response message, the D2D device 70 mayselectively request access to the D2D communication service provided bythe UE 50. This D2D communication service access request is selectivebecause it is at least dependent on the network and serviceauthorisation indications. Furthermore, the D2D device 70 may requireuser intervention prior to requesting access, which may, for example,include a confirmation that access to the D2D communication serviceshould be established.

In a preferred arrangement, the D2D device 70 may additionally maintaina list of D2D communication services determined or previously known tobe in the above-described first verification state, and use this listfor determining the verification state associated with the D2Dcommunication service prior to transmitting the service verificationrequest message at step 105. Furthermore, the D2D device 70 maycontinually update this list on the basis of received serviceindications. For example, if the service indication indicates that theD2D communication service is authorised for the network, the D2D device70 may add data indicative of the D2D communication service to the list.

The above-described D2D discovery signal may additionally comprise dataindicative of the above-described service credential. In this case, theD2D device 70 may determine the verification state associated with theD2D communication service on the basis of the service credential (step103). The service gateway 30 may additionally provision a credential ofa second type, for example a service verification credential, to the D2Ddevice 70 for use in verifying the D2D communication service. In thiscase, the D2D device 70 may use the service verification credentialtransmitted thereto for determining the verification state associatedwith the D2D communication service at step 103. Thus, the embodimentsdefine an efficient device-based service verification mechanism.

For completeness, it is noted that the service credential and theservice verification credential may comprise a security key, a checkword and/or an identifier.

In accordance with an alternative arrangement the service verificationrequest may be transmitted in a user plane message. In this case, andreferring to FIG. 6, the service verification request transmitted by theD2D device 70 at step 105 is for receipt by a service verificationentity, such as the service gateway 30 or the like. In addition, to beable to transmit user plane messages, the D2D device 70 may have to bein an active RRC state, such as RRC_CONNECTED state.

The service gateway 30 may process the service verification requestmessage as described above with reference to FIG. 4. Subsequently, theservice gateway 30 transmits the above described service indication forreceipt by the D2D device 70 (step 505). As described above, the serviceindication may be received by the eNodeB 80, which then transmits thereceived service indication to the D2D device 70 (step 605).

FIG. 1 is a logic flow diagram which describes, broadly, the aboveexemplary embodiments from the perspective of the D2D device 70.

FIG. 4 is a logic flow diagram which describes, broadly, the aboveexemplary embodiments from the perspective of a service gateway 30.

FIG. 5 is a logic flow diagram which describes, broadly, the aboveexemplary embodiments from the perspective of an eNodeB 80.

FIGS. 1, 4 and 5 represent results from executing a computer program oran implementing algorithm stored in the local memory of the servicegateway 30, the eNodeB 80 and the D2D device 70 respectively as well asillustrating the operation of a method and a specific manner in whichthe processor and memory with computer program/algorithm are configuredto cause the D2D device 70, the service gateway 30 and the eNodeB 80respectively (or one or more components thereof) to operate. The variousblocks shown in these Figures may also be considered as a plurality ofcoupled logic circuit elements constructed to carry out the associatedfunction(s), or specific result or function of strings of computerprogram code stored in a computer readable memory. Such blocks and thefunctions they represent are non-limiting examples, and may be practicedin various components such as integrated circuit chips and modules, andthat the exemplary embodiments of this invention may be realized in anapparatus that is embodied as an integrated circuit. The integratedcircuit, or circuits, may comprise circuitry (as well as possiblyfirmware) for embodying at least one or more of a data processor or dataprocessors, a digital signal processor or processors, baseband circuitryand radio frequency circuitry that are configurable so as to operate inaccordance with the exemplary embodiments of this invention.

Reference is now made to FIG. 7 for illustrating a simplified blockdiagram of various electronic devices and apparatus that are suitablefor use in practicing the exemplary embodiments of this invention. InFIG. 7 an eNodeB 80 is adapted for communication over a wireless linkwith a mobile apparatus, such as a mobile terminal or devices 50 and 70.The eNodeB 80 may be a remote radio head or relay station, or other typeof base station/cellular network access node.

The devices 50 and 70 include processing means such as at least one dataprocessor (DP) 50A and 70A, storing means such as at least onecomputer-readable memory (MEM) 50B and 70B storing at least one computerprogram (PROG) 50C and 70C, and also communicating means such as atransmitter TX 50D and 70D and a receiver RX 50E and 70E forbidirectional wireless communications with the eNodeB 80 via one or moreantennas 50F and 70F.

The eNodeB 80 includes its own processing means such as at least onedata processor (DP) 80A, storing means such as at least onecomputer-readable memory (MEM) 80B storing at least one computer program(PROG) 80C, and communicating means such as a transmitter TX 80D and areceiver RX 80E for bidirectional wireless communications with otherdevices under its control via one or more antennas 80F. There is a dataand/or control path, termed at FIG. 7 as a control link which in the LTEsystem may be implemented as an Si interface, coupling the eNodeB 80with the MME 10 and over which the eNodeB 80 may receive the service,network and service authentication credentials in various embodimentsabove.

The MME 10 includes processing means such as at least one data processor(DP) 10A, storing means such as at least one computer-readable memory(MEM) 10B storing at least one computer program (PROG) 10C, andcommunicating means such as a transmitter TX 10D and a receiver RX 10Efor bidirectional wireless communications with the eNodeB 80.

Similarly, the service gateway 30 includes processing means such as atleast one data processor (DP) 30A, storing means such as at least onecomputer-readable memory (MEM) 30B storing at least one computer program(PROG) 30C, and communicating means such as a modem 30H forbidirectional communication with the MME10 over the control link. Whilenot particularly illustrated for the devices 50 and 70 and the eNodeB80, those devices are also assumed to include as part of their wirelesscommunicating means a modem which may be inbuilt on a radiofrequency RFfront end chip within those devices 50, 70, 80 and which chip alsocarries the TX 50D/70D/80D and the RX 50E/70E/80E. The service gateway30 also has stored in its local memory at 30G the database which has thedata suitable for authorising all D2D communication services authorisedfor the network and data suitable for determining which D2D devices areauthorised to access them, as the case may be for the variousembodiments detailed above.

At least one of the PROGs 70C in the UE 70 is assumed to include programinstructions that, when executed by the associated DP 70A, enable thedevice to operate in accordance with the exemplary embodiments of thisinvention, as detailed above. The eNodeB 80 and the service gateway 30also have software stored in their respective MEMs to implement certainaspects of these teachings. In these regards the exemplary embodimentsof this invention may be implemented at least in part by computersoftware stored on the MEM 70B, 80B, 30B which is executable by the DPDP 70A of the device 70, DP 80A of the eNodeB 80 and/or DP 30A of theservice gateway 30A, or by hardware, or by a combination of tangiblystored software and hardware (and tangibly stored firmware). Electronicdevices implementing these aspects of the invention need not be theentire devices as depicted at FIG. 7, but exemplary embodiments may beimplemented by one or more components of same such as the abovedescribed tangibly stored software, hardware, firmware and DP, or asystem on a chip SOC or an application specific integrated circuit ASIC.

Various embodiments of the computer readable MEMs 10B, 30B, 50B, 70B and80B include any data storage technology type which is suitable to thelocal technical environment, including but not limited to semiconductorbased memory devices, magnetic memory devices and systems, opticalmemory devices and systems, fixed memory, removable memory, disc memory,flash memory, DRAM, SRAM, EEPROM and the like. Various embodiments ofthe DPs 10A, 30A, 50A, 70A and 80A include but are not limited togeneral purpose computers, special purpose computers, microprocessors,digital signal processors (DSPs) and multi-core processors.

Further, some of the various features of the above non-limitingembodiments may be used to advantage without the corresponding use ofother described features. The foregoing description should therefore beconsidered as merely illustrative of the principles, teachings andexemplary embodiments of this invention, and not in limitation thereof.

The above embodiments are to be understood as illustrative examples ofthe invention. Further embodiments of the invention are envisaged. It isto be understood that any feature described in relation to any oneembodiment may be used alone, or in combination with other featuresdescribed, and may also be used in combination with one or more featuresof any other of the embodiments, or any combination of any other of theembodiments. Furthermore, equivalents and modifications not describedabove may also be employed without departing from the scope of theinvention, which is defined in the accompanying claims.

What is claimed is:
 1. Apparatus for use in controlling access to adevice-to-device (D2D) communication service in a communication network,the apparatus comprising at least one processor and at least one memoryincluding computer program code, the at least one memory and thecomputer program code being configured to, with the at least oneprocessor, cause the apparatus at least to: receive a D2D discoverysignal comprising data indicative of said D2D communication service;determine a verification state for the D2D communication service as oneof a first verification state and a second, different, verificationstate, on the basis of said received D2D discovery signal, the firstverification state being one in which said D2D communication service canbe verified by the apparatus; and in the event that said D2Dcommunication service is determined to be in the second verificationstate, transmit data indicative of said D2D communication service forverification by the communication network.
 2. Apparatus according toclaim 1, wherein the at least one memory and the computer program codeis configured to transmit data indicative of said D2D communicationservice in a Non Access Stratum (NAS) message.
 3. Apparatus according toclaim 2, wherein, while in a Radio Resource Control (RRC) idle operativemode, the at least one memory and the computer program code isconfigured to transmit said NAS message in a RRC signalling message, soas to cause the apparatus to transition into an RRC operative mode otherthan said RRC idle operative mode.
 4. Apparatus according to claim 3,wherein said RRC signalling message comprises a RRCConnectionRequest ora RRCConnectionSetupComplete message.
 5. Apparatus according to claim 1,wherein at least one memory and the computer program code is configuredto transmit data indicative of said D2D communication service in anon-3GPP dedicated information message.
 6. Apparatus according to claim1, wherein responsive to receipt of an indication that said D2Dcommunication service is verified by the communication network, the atleast one memory and the computer program code is further configured torequest access to said D2D communication service.
 7. Apparatus accordingto claim 1, wherein the at least one memory and the computer programcode is further configured to: maintain a list of D2D communicationservices determined to be in the first verification state; and use saidlist in performing said determination of the verification state. 8.Apparatus according to claim 7, wherein, responsive to receipt of anindication that said D2D communication service is verified by thecommunication network, the at least one memory and the computer programcode is further configured to add data indicative of said D2Dcommunication service to said list.
 9. Apparatus according to claim 1,wherein the D2D discovery signal comprises data indicative of acredential of a first type, said credential of the first type beingsuitable for use in verification of said D2D communication service,wherein the at least one memory and the computer program code isconfigured to perform said determination of verification state on thebasis of said credential of the first type.
 10. Apparatus according toclaim 1, wherein the at least one memory and the computer program codeis configured to: receive a credential of a second type; and use thecredential of the second type to determine said verification state. 11.Apparatus according to claim 1, wherein the apparatus comprises a modem.12. A method of controlling access to a device-to-device (D2D)communication service in a communication network, the method comprising:receiving a D2D discovery signal comprising data indicative of said D2Dcommunication service; determining a verification state for the D2Dcommunication service as one of a first verification state and a second,different, verification state, on the basis of said received D2Ddiscovery signal, the first verification state being one in which saidD2D communication service can be verified; and in the event that saidD2D communication service is determined to be in the second verificationstate, transmitting data indicative of said D2D communication servicefor verification by the communication network.
 13. Apparatus for use incontrolling access to a device-to-device (D2D) communication serviceprovided to a D2D device in a communication network, the apparatuscomprising at least one processor and at least one memory includingcomputer program code, the at least one memory and the computer programcode being configured to, with the at least one processor, cause theapparatus at least to perform: receive a first message comprising dataindicative of said D2D communication service; verify whether said D2Dcommunication service is authorised for said communication network; andtransmit a second message comprising data indicative of the result ofsaid verification for reception by said D2D device.
 14. Apparatusaccording to claim 13, wherein the at least one memory and the computerprogram code is configured to perform said verification on the basis ofa credential having been assigned to the D2D communication service bythe apparatus.
 15. Apparatus according to claim 13, wherein the firstmessage comprises an identifier corresponding to the D2D device. 16.Apparatus according to claim 15, wherein the at least one memory and thecomputer program code is further configured to determine whether saidD2D device is authorised to access said D2D communication service on thebasis of said identifier.
 17. A service gateway comprising the apparatusaccording to claim
 13. 18. Apparatus for use in facilitating access to adevice-to-device (D2D) communication service provided to a D2D device ina communication network, the apparatus comprising at least one processorand at least one memory including computer program code, the at leastone memory and the computer program code being configured to, with theat least one processor, cause the apparatus at least to perform: receivea first message comprising a first indication whether said D2D device isauthorised for said communication network; receive a second messagecomprising a second indication whether said D2D communication service isauthorised for said communication network; and transmit a third messagefor reception by the D2D device, the third message comprising acombination of the indication of the first and second indications. 19.Apparatus according to claim 18, wherein the first message specifies atime period within which said second message is to be received, wherein,subsequent to expiry of said time period, the at least one memory andthe computer program code is selectively configured to transmit anindication that an authorisation check for said D2D communicationservice has failed.
 20. Apparatus according to claim 19, wherein,responsive to receipt of said second message subsequent to expiry ofsaid time period, the at least one memory and the computer program codeis configured to discard said second message.
 21. Apparatus according toclaim 18, wherein the at least one memory and the computer program codeis configured to identify a given said second message corresponding to agiven said first message on the basis of an identifier comprisedtherein.
 22. A base station comprising the apparatus according to claim18.